12 matches found
EUVD-2022-0040
Malicious code in bioql PyPI...
Cobbler Command Injection Vulnerability (CNVD-2022-18324)
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...
Privilege Escalation
cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the checkforinvalidimports function of templar.py, allowing Cheetah code to import Python modules without permission...
GHSA-6CM4-GM85-972C Command Injection in Cobbler
An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Command Injection in Cobbler
An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Design/Logic Flaw
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
PYSEC-2022-37
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Cobbler 命令注入漏洞
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...